Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Resend : Question about EXTPROC and vulnerability

Resend : Question about EXTPROC and vulnerability

From: Hemant K Chitale <hkchital_at_singnet.com.sg>
Date: Tue, 29 Jul 2003 06:59:27 -0800
Message-ID: <F001.005C7A79.20030729065927@fatcity.com> 






Resending this email, hoping for a reply this time.



>Date: Fri, 25 Jul 2003 07:49:24 -0800

>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>

>X-Comment: Oracle RDBMS Community Forum

>X-Sender: Hemant K Chitale <hkchital_at_singnet.com.sg>

>Sender: ml-errors_at_fatcity.com

>Reply-To: ORACLE-L_at_fatcity.com

>From: Hemant K Chitale <hkchital_at_singnet.com.sg>

>Subject: Question about EXTPROC and vulnerability

>Organization: Fat City Network Services, San Diego, California

>

>

>Oracle's Security Alert #29  [Note 175429.1] on the EXTPROC recommends the 

>workaround to disable

>EXTPROC as

>    1.  Removing the entry for extproc/PLSExtproc/icache_extproc from the 

> listener.ora

>    2.  Removing the entry from the tnsnames.ora

>    3.  Renaming or removing the extproc executable

>

>Why should all three actions be necessary ?  Why not just removing the 

>entry from the

>listener.ora ?  Can extproc be called without the listener configured ?

>

>Security Alert #57 just talks of the CREATE LIBRARY privilege and makes no 

>mention of

>updating the listener.ora or tnsnames.ora or removing/renaming the extproc 

>executable.  Why ?

>Is it that Oracle wants people to use EXTPROC [or makes use of EXTPROC 

>itself] so it

>does not specify how EXTPROC can be disabled ?

>

>

>




Hemant K Chitale


Oracle 9i Database Administrator Certified Professional
My personal web site is :  http://hkchital.tripod.com



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Hemant K Chitale
  INET: hkchital_at_singnet.com.sg

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Tue Jul 29 2003 - 09:59:27 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US